Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Chrome. Show all posts
Malware Attack
Chrome Cyber Attacks Cyble Cyble research data security Data Theft Google Chrome security Malware Attack

Sophisticated Malware Bypasses Chrome App-Bound Encryption Using Dual Injection

 

Researchers at Cyble have identified a highly advanced malware attack that successfully bypasses Google Chrome’s App-Bound Encryption. This security feature was designed to prevent infostealer malware from accessing user data, particularly cookies. 

However, the newly discovered malware employs dual injection techniques to circumvent these defenses, allowing cybercriminals to extract sensitive credentials. The attack begins with a deceptive file distribution method. The malware is embedded within a ZIP file disguised as a PDF document. 

When opened, it executes a malicious LNK shortcut file that creates a scheduled task, running every 15 minutes. Another component of the attack is an XML project file, which is designed to appear as a PNG image, further tricking users into engaging with the malicious content.  

To execute its payload, the malware exploits MSBuild.exe, a legitimate Microsoft development tool. This enables it to run directly in system memory without creating detectable files on the disk, making it much harder for traditional security solutions to identify and stop the attack. The use of fileless execution techniques ensures that the malware operates stealthily while maintaining persistence on an infected system. 

A key aspect of this attack is its dual injection approach. The malware employs both Process Injection and Reflective DLL Injection to execute malicious code within legitimate system processes. This method allows it to blend in with normal activity while avoiding detection. By targeting Chrome’s security framework, the malware can extract encrypted login data, cookies, and other sensitive browser-stored information. 

The malware also leverages the Telegram Web API for command and control communications. This connection enables threat actors to issue remote commands, modify bot configurations, and control infected systems with minimal interference. The dynamic bot ID switching feature adds an additional layer of stealth, ensuring continued access even if parts of the attack infrastructure are disrupted. Cyble researchers noted that the malware appears to be specifically targeting organizations in Vietnam, particularly those in the telemarketing and sales industries.

However, the method it uses could be adapted for broader campaigns, posing a risk to businesses and individuals globally. The initial infection method remains unclear, but it likely involves phishing emails or malicious downloads.  

To mitigate the risk of such attacks, Cyble recommends implementing strict email attachment filtering, restricting the execution of unverified files, and enhancing user awareness about phishing threats. 

Organizations should also deploy advanced security solutions capable of detecting fileless malware attacks. The research highlights the evolving nature of cyber threats and the need for proactive cybersecurity measures to safeguard sensitive data.
Read more »
Privacy
Browsing Cache Chrome Cookies Privacy

Why Clearing Cache and Cookies Matters for Safe Browsing

 


It seems to be a minor step, clearing your cache and cookies, but it is really a big factor in improving online safety and making your browsing easier. While these tools are intended to make navigation on the web faster and easier, they can sometimes create problems. Let's break this down into simple terms to help you understand why refreshing your browser is a good idea.

What are cache and cookies?

Cache: Think of the cache as your browser's short-term memory. When you visit a website, your browser saves parts of it—like images, fonts, and scripts—so the site loads faster the next time. For example, if you shop online more often, product images or banners might pop out quickly because they have been stored in your cache. This feature improves your surfing speed and reduces internet usage.

Cookies: Cookies are tiny text files that are stored on your browser. They help the websites remember things about you, such as your login details or preferences. For instance, they can keep you logged in to your email or remember items in your shopping cart. There are two main types of cookies:  

  • First-party cookies: Created by the website you're visiting to improve your experience.
  • Third-party cookies: From other websites, usually advertisers, and will be tracking your activities across various different sites.

Why Cache and Cookies Can Be Slippery

Cache Risks: The cache does help speed up things. Sometimes, however, it creates problems. The files in the cache may get outdated or corrupt and hence load a website wrongly. Web hackers can exploit the cached data by "web cache poisoning" which makes the user download bad content.

Cookie Risks: Cookies can be misused too. If someone steals your cookies, they could access your accounts without needing your password. Third-party cookies are particularly invasive, as they track your online behavior to create detailed profiles for targeted advertising.  

Why Clear Cache and Cookies?  

1. Fix Website Problems: Clearing the cache deletes outdated files, helping websites function smoothly.  

2. Protect Your Privacy: Removing cookies stops advertisers from tracking you and reduces the risk of hackers accessing your accounts.  

3. Secure Common Devices: If you’re using a public or shared computer, clearing cookies ensures your data isn’t accessible to the next user.  

How to Clear Cache and Cookies  

 Here is a quick tutorial for Google Chrome.

1. Open the browser and click on the three dots in the top-right corner.  

2. Go to Settings and select Privacy and Security.  

3. Click Clear Browsing Data.  

4. Check the boxes for "Cookies and other site data" and "Cached images and files."  

5. Select a time range (e.g., last hour or all time) and click Clear Data.

Clearing your cache and cookies is essentially the refresh button for your browser. It helps resolve problems, increases security, and guarantees a smoother, safer browsing experience. Regularly doing this simple task can make all the difference to your online privacy and functionality.


Read more »
User Data
Amazon Chrome Cookie Data Facebook Safari Technology User Data

No More Internet Cookies? Digital Targeted Ads to Find New Ways


Google Chrome to block cookies

The digital advertising world is changing rapidly due to privacy concerns and regulatory needs, and the shift is affecting how advertisers target customers. Starting in 2025, Google to stop using third-party cookies in the world’s most popular browser, Chrome. The cookies are data files that track our internet activities in our browsers. The cookie collects information sold to advertisers, who use this for targeted advertising based on user data. 

“Cookies are files created by websites you visit. By saving information about your visit, they make your online experience easier. For example, sites can keep you signed in, remember your site preferences, and give you locally relevant content,” says Google.

In 2019 and 2020, Firefox and Safari took a step back from third-party cookies. Following their footsteps, Google’s Chrome allows users to opt out of the settings. As the cookies have information that can identify a user, the EU’s and UK’s General Data Protection Regulation (GDPR) asks a user for prior consent via spamming pop-ups. 

No more third-party data

Once the spine of targeted digital advertising, the future of third-party cookies doesn’t look bright. However, not everything is sunshine and rainbows. 

While giants like Amazon, Google, and Facebook are burning bridges by blocking third-party cookies to address privacy concerns, they can still collect first-party data about a user from their websites, and the data will be sold to advertisers if a user permits, however in a less intrusive form. The harvested data won’t be of much use to the advertisers, but the annoying pop-ups being in existence may irritate the users.

How will companies benefit?

One way consumers and companies can benefit is by adapting the advertising industry to be more efficient. Instead of using targeted advertising, companies can directly engage with customers visiting websites. 

Advances in AI and machine learning can also help. Instead of invasive ads that keep following you on the internet, the user will be getting information and features personally. Companies can predict user needs, and via techniques like automated delivery and pre-emptive stocking, give better results. A new advertising landscape is on its way.

Read more »
Technology
Apple Chrome Google Internet Safari Safe Browsing Technology

Choosing the Right Browser: Privacy Tips from Apple and Google

Apple vs. Google: The Battle for Browser Privacy

Apple has launched an ad campaign urging over a billion iPhone users to stop using Google Chrome, citing privacy concerns. This campaign has sparked a heated debate between two tech giants, Apple and Google, over the best way to protect user privacy online.

Apple’s Stance on Privacy

Apple has long positioned itself as a champion of user privacy. In its latest campaign, Apple highlights the extensive use of tracking cookies by Google Chrome. These cookies, Apple claims, follow users across the web, collecting data on their browsing habits. Apple argues that Chrome’s Incognito mode, which many users rely on for private browsing, isn’t truly private. According to Apple, Incognito mode still allows websites to track user activity, albeit to a lesser extent.

To counter these privacy concerns, Apple promotes its own browser, Safari, as a more secure alternative. Safari, Apple claims, uses Intelligent Tracking Prevention (ITP) to limit the ability of advertisers to track users across websites. This feature, combined with other privacy-focused tools, makes Safari a more attractive option for users who prioritize their online privacy.

Google’s Response

Google, on the other hand, has defended Chrome’s privacy practices. In response to Apple’s campaign, Google emphasized that Chrome is designed to keep user data safe and give users control over their privacy settings. Google points out that Chrome offers a range of privacy features, including the ability to block third-party cookies and manage site permissions.

Google also highlights its commitment to transparency. The company regularly updates its privacy policies and provides users with clear information about how their data is collected and used. Google argues that this transparency, combined with robust privacy controls, makes Chrome a trustworthy choice for users.

The Broader Context

This clash between Apple and Google is part of a larger conversation about online privacy. As more of our lives move online, the amount of data we generate has skyrocketed. This data is incredibly valuable to advertisers, who use it to target ads more effectively. However, this data collection has raised significant privacy concerns.

Many users are unaware of the extent to which their online activities are tracked. Even when using private browsing modes, such as Chrome’s Incognito mode, users may still be tracked by websites and advertisers. This has led to calls for greater transparency and stronger privacy protections.

Choosing the Right Browser

So, what does this mean for the average user? When choosing a browser, it’s important to consider your privacy needs. If you prioritize privacy and want to limit tracking as much as possible, Safari may be the better choice. Apple’s Intelligent Tracking Prevention and other privacy features can help protect your data from advertisers.

However, if you value customization and control over your browsing experience, Chrome offers a range of privacy tools that can be tailored to your needs. Google’s transparency about its data collection practices also provides users with a clear understanding of how their data is used.

Ultimately, the choice between Safari and Chrome comes down to personal preference. Both browsers have their strengths and weaknesses, and the best choice will depend on your individual privacy needs and browsing habits.

Read more »
Vulnerabilities and Exploits
Chrome Data Safety Mozilla Firefox Safety. Security Vulnerabilities and Exploits

18-Year-Old Vulnerability in Firefox and Chrome Actively Exploited in Cyber Attacks

 

A security vulnerability, identified 18 years ago and known as "0.0.0.0 Day," has been discovered to allow malicious websites to bypass security measures in Google Chrome, Mozilla Firefox, and Apple Safari. This vulnerability enables these websites to interact with services on a local network, posing significant risks.

It is important to note that this vulnerability affects only Linux and macOS devices and does not impact Windows systems. On the affected devices, attackers can exploit this flaw to remotely change settings, gain unauthorized access to protected information, and, in some cases, execute remote code. Despite being reported in 2008, this issue remains unresolved in Chrome, Firefox, and Safari, although all three browsers have acknowledged the problem and are working on a fix. Researchers at Oligo Security have observed multiple threat actors exploiting this vulnerability as part of their attack strategies.

The 0.0.0.0 Day vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization, which allows public websites to communicate with local network services using the "wildcard" IP address 0.0.0.0. Typically, this IP address represents all IP addresses on the local machine or all network interfaces on the host. It can also be used as a placeholder address in DHCP requests or interpreted as the localhost (127.0.0.1) in local networking. Malicious websites can send HTTP requests to 0.0.0.0 targeting services running on the user's local machine. Due to inconsistent security, these requests are often processed.

Existing protection mechanisms like Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA) fail to prevent this risky activity, according to Oligo. Web browsers typically prevent websites from making requests to third-party sites and using the returned information to protect against malicious websites connecting to other URLs in a visitor's web browser where they may be authenticated, such as online banking portals or email servers.

Unfortunately, the risk isn't just theoretical. Oligo Security has identified several cases where the 0.0.0.0 Day vulnerability is actively exploited. One such case is the ShadowRay campaign, documented last March, targeting AI workloads running locally on developers' machines. The attack begins when a victim clicks on a link that triggers JavaScript to send an HTTP request to 'http://0[.]0[.]0[.]0:8265', typically used by Ray. 

These requests reach the local Ray cluster, leading to scenarios of arbitrary code execution, reverse shells, and configuration alterations. Another campaign targeting Selenium Grid was discovered by Wiz, where attackers use JavaScript on a public domain to send requests to 'http://0[.]0[.]0[.]0:4444.' These requests are routed to the Selenium Grid servers, enabling code execution or network reconnaissance. The "ShellTorch" vulnerability, reported by Oligo in October 2023, involves the TorchServe web panel being bound to the 0.0.0.0 IP address by default, exposing it to malicious requests.

In response to Oligo's disclosure, web browser developers are starting to take action. Google Chrome, the world's most popular web browser, plans to block access to 0.0.0.0 via a gradual rollout from version 128 to version 133. Mozilla Firefox, which does not yet implement PNA, has set the development of this feature as a high priority and has initiated temporary fixes, though no rollout dates have been provided. Apple has implemented additional IP checks on Safari and will block access to 0.0.0.0 in version 18, introduced with macOS Sequoia.

Until browser fixes are fully implemented, Oligo recommends that app developers take the following security measures:

- Implement PNA headers.
- Verify HOST headers to protect against DNS rebinding attacks.
- Do not trust localhost—add authorization, even locally.
- Use HTTPS whenever possible.
- Implement CSRF tokens, even for local apps.

Most importantly, developers should be aware that until these fixes are rolled out, it is still possible for malicious websites to route HTTP requests to internal IP addresses. This security consideration should be kept in mind when developing apps.
Read more »
Zero-day Flaw
Browser Chrome User Security Vulnerability and Exploits Zero-day Flaw

'0.0.0.0 Day' Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

 

A critical security bug known as "0.0.0.0 Day" has shook the cybersecurity world, leaving millions of users of popular browsers such as Chrome, Firefox, and Safari vulnerable to future assaults. This vulnerability allows malicious actors to possibly gain access to files, messages, credentials, and other sensitive data saved on a device within a private network, specifically "localhost.” 

What is 0.0.0.0 day flaw?

The term "0.0.0.0 Day" refers to a new vulnerability identified by Israeli cybersecurity startup Oligo that hackers can exploit before a fix is released. The zeroes indicate a lack of prior information or awareness of flaws. This makes it especially risky because users and developers are taken completely off guard. 

According to the research, the exploit consists of fraudulent websites luring browsers into allowing them to interface with APIs (Application Programming Interfaces) running on a user's local PC. These APIs are primarily intended for internal communication within applications and should not be available from other sources, such as websites. Attackers that exploit the 0.0.0.0 Day vulnerability could possibly get unauthorised access to sensitive information saved on a user's device, steal data, or even launch malware. 

Impact on key browsers 

The security ramifications of this issue are extensive. Here's a closer look at the possible impact on major browsers. 

Chrome zero-Day vulnerability: Google Chrome, the world's most popular browser, is an obvious target for attackers. A successful exploit of the 0.0.0.0 Day bug could allow criminals to get beyond Chrome's security measures and get access to a user's local network. This could expose sensitive information kept on a user's PC, compromise corporate networks if a user works remotely, or even aid in the installation of malware. 

Firefox zero-day vulnerability: Although Firefox is not as extensively used as Chrome, it is a popular choice for many consumers. A successful exploit of the 0.0.0.0 Day vulnerability may have similar repercussions for Firefox users. Attackers could potentially obtain access to local networks, steal data, or carry out malware attacks. 

Safari Zero-Day vulnerability: The 0.0.0.0 Day vulnerability could also affect Apple's Safari browser, which is the default browser on all Apple devices. While Apple has a reputation for strong security, this vulnerability underlines the ongoing need for vigilance. A successful exploit can allow attackers access to a user's local network on a Mac or iOS device, possibly compromising private information or aiding new assaults. 

The disclosure of the 0.0.0.0 Day vulnerability underlines the ongoing challenge of ensuring browser security in an increasingly complicated threat ecosystem. Browser developers must continue to invest in R&D to remain ahead of thieves. Users must also be cautious and follow best practices to safeguard themselves from emerging risks.
Read more »
Tracking
Apple Chrome Cookies Google Privacy Tracking

Google Delays Plan to Replace Cookies, Leaving Users and Industry in Limbo


In unexpected turn of events, Google has delayed its plan to replace tracking cookies in its Chrome browser, affecting its three billion users worldwide. The company had intended to transition to new, anonymised tracking methods to enhance user privacy, but these alternatives have faced regulatory and privacy challenges.

Cookie Controversy and Privacy Concerns

Originally, Google aimed to retire cookies and introduce Privacy Sandbox, which would use less invasive tracking methods by grouping users into like-minded cohorts. However, this initiative encountered significant pushback due to concerns over its effectiveness and potential industry impact. Critics argue that these new methods might still compromise user privacy and could harm the digital advertising ecosystem.

Google's Alex Cone, Product Manager for Privacy Sandbox, recently acknowledged the lack of progress, stating, “We’re at work on those [new] designs, and we’ll discuss those with regulators as we advance… there’s no new information to provide.” This indefinite delay has left many in the industry frustrated and uncertain about the future of digital tracking.

Reports indicate that Google is now in "damage control mode," attempting to soothe the industry's nerves. Meetings, forums, and panels have been held to address concerns, but concrete solutions remain elusive. Many ad tech executives feel like they're at the mercy of Google's decisions, which immensely impact their operations.

The Privacy Sandbox was seen as a necessary evolution from cookies, but now, with no clear timeline, the advertising industry is left in limbo. This delay means that the status quo of invasive tracking will continue for the foreseeable future, much to the dismay of privacy advocates.

Google vs. Apple: A Privacy Battle

The timing of these developments is noteworthy. Apple's recent ad campaign criticised Chrome's privacy practices, aligning closely with Google’s announcement of cookie delays. Apple has been a strong proponent of privacy, introducing features like App Tracking Transparency (ATT) that significantly restrict user tracking. The effectiveness of Apple's approach has been debated, with opt-in rates for tracking remaining low.

Google’s struggle with Privacy Sandbox could lead to similar outcomes as Apple’s ATT, where user tracking becomes more transparent but less prevalent. However, this shift requires careful consideration and regulatory approval, which is currently lacking.

The Future of Digital Tracking

The UK's Competition and Markets Authority (CMA) is closely watching Google's revised approach, emphasising the need for balanced solutions that protect consumers and market dynamics. The Electronic Frontier Foundation (EFF) has long advocated for banning behavioural advertising based on online activity, underscoring the urgent need for robust privacy legislation.

The advertising industry, having prepared for a post-cookie world, now faces uncertainty. Investments in Privacy Sandbox-related technologies may stall, and the transition to new tracking methods could be delayed indefinitely.

For Chrome users, this means continued exposure to current tracking practices, with no immediate improvements in privacy. Meanwhile, the digital advertising industry grapples with Google's unpredictable policy changes. As the debate over user privacy and tracking continues, the need for clear, effective, and timely solutions becomes ever more critical.

Read more »
Technology
Chrome Cookies Google Online Privacy Technology

Third-Party Cookies Stay: Google’s New Plan for Web Browsing Privacy


Google no longer intends to remove support for third-party cookies, which are used by the advertising industry to follow users and target them with ads based on their online activity.

Google’s Plan to Drop Third-Party Cookies in Chrome Crumbles

In a significant shift, Google has decided to abandon its plan to phase out third-party cookies in its Chrome browser. This decision marks a notable change in the tech giant’s approach to user privacy and web tracking, reflecting the complexities and challenges of balancing privacy concerns with the needs of advertisers and regulators.

In a recent post, Anthony Chavez, VP of Google's Privacy Sandbox, revealed that the search and advertising giant has realized that its five-year effort to build a privacy-preserving ad-tech stack requires a lot of work and has implications for online advertisers, some of whom have been vocally opposed. 

“In light of this, we are proposing an updated approach that elevates user choice. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing,” Anthony said.

For the time being, the Privacy Sandbox, a suite of APIs for online ad delivery and analytics that are intended to preserve privacy, will coexist with third-party cookies in Chrome.

The Initial Plan

Google’s initial plan, announced in early 2020, aimed to eliminate third-party cookies from Chrome by 2022. Third-party cookies, which are used by advertisers to track users across different websites, have been a cornerstone of online advertising. However, they have also raised significant privacy concerns, as they enable extensive tracking of user behavior without explicit consent.

Instead of dropping third-party cookie support in the Chrome browser next year - subject to testing that began in January - Google intends to give Chrome users the option of playing in its Privacy Sandbox or in the adjacent land of data surveillance, where third-party cookies support all manner of information collection.

It remains to be seen whether Chrome's interface for selecting between Privacy Sandbox and standard third-party cookies will be less confusing than the much-criticized "Enhanced ad privacy in Chrome" popup that announced the arrival of Privacy Sandbox APIs in Chrome last year.

Delays and Challenges

Despite the ambitious timeline, Google’s plan faced numerous delays. The company extended the deadline multiple times, citing the need for more time to develop and test alternative technologies. The complexity of replacing third-party cookies with new solutions that could satisfy both privacy advocates and the advertising industry proved to be a significant hurdle.

One of the key challenges was ensuring that the new technologies would not undermine the effectiveness of online advertising. Advertisers rely heavily on third-party cookies to target ads and measure their performance. Any replacement technology needed to provide similar capabilities without compromising user privacy.

Feedback from Stakeholders

Throughout the process, Google received extensive feedback from various stakeholders, including advertisers, publishers, and regulators. Advertisers expressed concerns about the potential impact on their ability to deliver targeted ads, while regulators emphasized the need for robust privacy protections.

In response to this feedback, Google made several adjustments to its plans. The company introduced new proposals, such as Federated Learning of Cohorts (FLoC), which aimed to group users into cohorts based on similar interests rather than tracking individual users. However, these proposals also faced criticism and skepticism from privacy advocates and industry experts.

The Decision to Abandon the Plan

Ultimately, Google decided to abandon its plan to phase out third-party cookies. Instead, the company will introduce a new experience that allows users to make an informed choice about their web browsing privacy. This approach aims to provide users with greater control over their data while still enabling advertisers to deliver relevant ads.

Read more »
Ransomware
Chrome Cyber Security Files Firefox Ransomware

Why Shouldn't You Upload Files So Readily On Your Browser?


The digital society we live in has made it abundantly clear that being cautious about online activities goes beyond avoiding suspicious links. Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk.

The Rising Threat

Modern web browsers like Google Chrome and Microsoft Edge offer advanced functionalities, allowing users to seamlessly interact with various online services, from email to multimedia streaming. However, these capabilities also open doors for hackers to manipulate browsers and gain unauthorised access to users' local file systems.

What Is The Risk?

The File System Access API, utilised by browsers, enables web applications to interact with users' files. This means that uploading files to seemingly benign online tools could inadvertently grant hackers access to personal data stored on the user's computer.

The Implications

Imagine using an online photo editing tool. Uploading files for editing could inadvertently expose your entire file system to malicious actors, who could then encrypt your files and demand ransom for decryption.

The Scale of the Issue

Ransomware attacks have become increasingly prevalent, targeting individuals and organisations across various sectors. In 2023 alone, organisations paid over $1.1 billion in ransomware payments, highlighting the urgent need for robust cybersecurity measures.

Addressing the Threat

Researchers at the Cyber-Physical Systems Security Lab at Florida International University have been investigating this new breed of ransomware. Their findings, presented at the USENIX Security Symposium, underscore the severity of the threat posed by browser-based ransomware.

Recommended Practices 

The research team proposed three defence approaches to mitigate the risk of browser-based ransomware. These strategies focus on detecting and preventing malicious activity at the browser, file system, and user levels, offering a multi-layered defence mechanism against potential attacks.

1. Temporarily Halting Web Applications:

This approach involves temporarily suspending a web application's activity within the browser to detect any suspicious behavior related to file encryption. By monitoring the application's actions, security systems can identify and interrupt potential ransomware activity before it causes significant damage. This measure enables users to maintain control over their files and prevent unauthorised access by any threat actors.

2. Monitoring Web Application Activity:

In addition to halting web applications, this defense strategy focuses on continuously monitoring their activity on users' computers. By analysing patterns and behaviours associated with ransomware attacks, security systems can easily detect and respond to any anomalous activities. This real-time monitoring ensures timely intervention and minimizes the impact of browser-based ransomware on users' systems.

3. Introducing Permission Dialog Boxes:

To empower users with greater control over their file system access, this approach proposes the implementation of permission dialogue boxes. When a web application requests access to the user's local files, a dialogue box prompts the user to approve or deny the request, along with providing information about the associated risks and implications. By promoting user awareness and informed decision-making, this measure ensures security posture and reduces the likelihood of inadvertent file exposure to ransomware threats.

As technology continues to transform, so do the tactics employed by cybercriminals. By staying informed and implementing proactive cybersecurity measures, users can safeguard their digital assets against threats like browser-based ransomware.




Read more »
malware
Banking Trojan Brokewell Browser Chrome Google malware

Banking Malware "Brokewell" Hacks Android Devices, Steals User Data

Banking Malware "Brokewell" Hacks Android Devices

Security experts have uncovered a new Android banking trojan called Brokewell, which can record every event on the device, from touches and information shown to text input and programs launched.

The malware is distributed via a fake Google Chrome update that appears while using the web browser. Brokewell is in ongoing development and offers a combination of broad device takeover and remote control capabilities.

Brokewell information

ThreatFabric researchers discovered Brokewell while examining a bogus Chrome update page that released a payload, which is a common approach for deceiving unwary users into installing malware.

Looking back at previous campaigns, the researchers discovered that Brokewell had previously been used to target "buy now, pay later" financial institutions (such as Klarna) while masquerading as an Austrian digital authentication tool named ID Austria.

Brokewell's key capabilities include data theft and remote control for attackers.

Data theft 

  • Involves mimicking login windows of targeted programs to steal passwords (overlay attacks).
  • Uses its own WebView to track and collect cookies once a user logs into a valid website.
  • Captures the victim's interactions with the device, such as taps, swipes, and text inputs, to steal data displayed or inputted on it.
  • Collects hardware and software information about the device.
  • Retrieves call logs.
  • determines the device's physical position.
  • Captures audio with the device's microphone.

Device Takeover: 

  • The attacker can see the device's screen in real time (screen streaming).
  • Remotely executes touch and swipe gestures on the infected device.
  • Allows remote clicking on specific screen components or coordinates.
  • Allows for remote scrolling within elements and text entry into specific fields.
  • Simulates physical button presses such as Back, Home, and Recents.
  • Remotely activates the device's screen, allowing you to capture any information.
  • Adjusts brightness and volume to zero.

New threat actor and loader

According to ThreatFabric, the developer of Brokewell is a guy who goes by the name Baron Samedit and has been providing tools for verifying stolen accounts for at least two years.

The researchers identified another tool named "Brokewell Android Loader," which was also developed by Samedit. The tool was housed on one of Brokewell's command and control servers and is utilized by several hackers.

Unexpectedly, this loader can circumvent the restrictions Google imposed in Android 13 and later to prevent misuse of the Accessibility Service for side-loaded programs (APKs).

This bypass has been a problem since mid-2022, and it became even more of a problem in late 2023 when dropper-as-a-service (DaaS) operations began offering it as part of their service, as well as malware incorporating the tactics into their bespoke loaders.

As Brokewell shows, loaders that circumvent constraints to prevent Accessibility Service access to APKs downloaded from suspicious sources are now ubiquitous and widely used in the wild.

Security experts warn that device control capabilities, like as those seen in the Brokewell banker for Android, are in high demand among cybercriminals because they allow them to commit fraud from the victim's device, avoiding fraud evaluation and detection technologies.

They anticipate Brokewell being further improved and distributed to other hackers via underground forums as part of a malware-as-a-service (MaaS) operation.

To avoid Android malware infections, avoid downloading apps or app updates from sources other than Google Play, and make sure Play Protect is always turned on.

Read more »
Technology
Browser Chrome Cookies Google Technology

Google Disables 30 Million Chrome User Cookies


Eliminating Cookies: Google's Next Plan

Google has been planning to eliminate cookies for years, and today is the first of many planned quiet periods. About 30 million users, or 1% of the total, had their cookies disabled by the Chrome web browser as of this morning. Cookies will be permanently removed from Chrome by the end of the year—sort of.

Cookies are the original sin of the internet, according to privacy campaigners. For the majority of the internet's existence, one of the main methods used by tech businesses to monitor your online activity was through cookies. Websites use cookies from third firms (like Google) for targeted adverts and many other forms of tracking.

These are referred to as "third-party cookies," and the internet's infrastructure includes them. They are dispersed throughout. We may have sent you cookies if you visited Gizmodo without using an ad blocker or another type of tracking protection. 
Years of negative press about privacy violations by Google, Facebook, and other internet corporations in 2019 were so widespread that Silicon Valley was forced to respond. 

Project: Removing third-party cookies from Chrome

Google declared that it was starting a project to remove third-party cookies from Chrome. Google gets the great bulk of its money from tracking you and displaying adverts online. Since Chrome is used by almost 60% of internet users, Google's decision to discontinue the technology will successfully eliminate cookies forever.

First of all, on January 4, 2023, Google will begin its massive campaign to eradicate cookies. Here's what you'll see if you're one of the 30 million people who get to enjoy a cookieless web.
How to determine whether Google disabled your cookies

The first thing that will appear in Chrome is a popup that will explain Google's new cookie-murdering strategy, which it terms "Tracking Protection." You might miss it if, like many of us, you react to pop-ups with considerable caution, frequently ignoring the contents of whatever messages your computer wants you to read.

You can check for more indicators to make sure you're not getting a ton of cookies dropped on you. In the URL bar, there will be a small eyeball emblem if tracking protection is enabled.

If you wish to enable a certain website to use cookies on you, you can click on that eyeball. In fact, you should click on it because this change in Chrome is very certain to break some websites. The good news is that Chrome has a ton of new capabilities that, should it sense a website is having issues, will turn off Tracking Protection.

Finally, you can go check your browser’s preferences. If you open up Chrome’s settings, you’ll find a bunch of nice toggles and controls about cookies under the “Privacy and security” section. If they’re all turned on and you don’t remember changing them, you might be one of the lucky 30 million winners in Google’s initial test phase.

Google is still tracking you, but it’s a little more private

Of course, Google isn’t about to destroy its own business. It doesn’t want to hurt every company that makes money with ads, either, because Google is fighting numerous lawsuits from regulators who accuse the company of running a big ol’ monopoly on the internet. 

You can now go check the options in your browser. The "Privacy and security" area of Chrome's settings contains a number of useful toggles and controls regarding cookies. If all of them are on and you don't recall turning them off, you could be among the fortunate 30 million individuals who won in Google's initial test phase.

You are still being tracked by Google, but it's a little more discreet

Naturally, Google has no intention of ruining its own company. It also doesn't want to harm other businesses that rely on advertising revenue, as Google is now defending itself against multiple cases from authorities who claim the corporation has a monopoly on the internet.






Read more »
VPN
Chrome Cyberattacks CyberCrime Data Cookies data threat Google IP Address Privacy VPN

Enhancing Online Privacy: Google Trials IP Address Masking Option

 


Currently, Google is in the process of perfecting Gnatcatcher, which used to be called Gnatcatcher. Under the new name "IP Protection," Gnatcatcher is called more appropriately. By doing this, Chrome is reintroducing a proposal to hide users' IP addresses, thereby making it harder to track their activities across sites. 

When users add their computer to a network, it receives a unique address called an Internet Protocol (IP) address that indicates what it will do over the network. A number acts as a means of identifying the user's location on the network when they are connected. Messages must be delivered to the right location for a computer to communicate with another computer without the need for each computer to know the other's address. 

To track the user behaviour of sites and online services, IP addresses are used to create digital profiles that can be used for targeted advertising purposes on websites and online services. The fact that this tracking can be circumvented without third-party tools raises significant privacy concerns, as bypassing this tracking is not as straightforward as dealing with third-party cookies without using these tools. 

While navigating the web, Google recognizes that it is crucial to balance the requirement for a user's privacy with practical functionality. Essentially, the solution they have devised involves disguising the IP address of the user through the redirection of traffic from certain third-party domains through proxy servers, so that the IP address remains invisible for these domains even though traffic is coming from them. 

The IP Protection feature will initially be available as an opt-in service, so users will have the option of obfuscating their IP addresses from third parties whenever they wish. It was decided that IP Protection should be rolled out in stages to ensure regional considerations can be accommodated and to ensure that there is a shallow learning curve. The first phase of this initiative will have Google proxying requests to its domain to satisfy regional considerations. 

The proxies will only be accessible by US-based IP addresses for a short period until Google has fine-tuned the list of affected domains. For now, only US-based IP addresses can access them. Despite the possibility of tracking you, your IP address also plays a huge role in routing traffic, preventing fraud, as well as other important tasks that are required by the network. 

The Google IP Protection feature for Chrome was designed to do this by routing all third-party traffic from specific third-party websites through proxy servers to hide your IP address from those sites on the Internet. It is also pointed out that when this feature is introduced to Chrome users, it will be an opt-in feature. 

It is the responsibility of users to decide whether they wish to obscure their IP address from third parties or not, so IP Protection will be a feature they can opt in to. To accommodate regional differences and ensure a shallow learning curve, IP Protection will be rolled out in stages. Phase 0, which will be a proxying of Google's domains, will serve as the first step towards Phase 0. 

It is expected that this situation will continue until Google has had sufficient time to fine-tune the list of affected domains. In the beginning, those proxy servers will only be accessible to IP addresses from the US at least. 

It has been decided that Google to use a two-hop approach to improve privacy in the next phase, which will include Google managing the first hop while an external Content Delivery Network (CDN) will manage the second hop.

Ideally, IP addresses are a must-have for Internet traffic routing, fraud prevention, and a wide variety of other functions. Thus, Google has designed a system that will cover traffic routing, fraud prevention, and a wide variety of other functions while thwarting tracking at the same time. 

It is a feature of Google's 'The Privacy Sandbox' toolkit which has been known as 'Gnatcatcher' previously. It is specifically designed for users to be able to avoid being tracked between websites through their IP address. 

At first, this proxy will remain optional for users, and its implementation will be phased out, so each region is allowed to adapt to this innovation at its own pace. Google intends to facilitate a phased approach so that each region adapts to the new technologies at its own pace. It will be possible to only affect domains within third-party contexts at first, with an emphasis on tracking domains that are well known. 

Users do not want to reveal their IP addresses, which is why they use proxy servers or VPNs to hide their IP addresses. A proxy or a VPN masks the real IP address of a user by masking it with one of the proxy operator's IP addresses. Only the proxy operator or the VPN provider knows a user's real address. A proxy is being used by Google to hide the IP addresses of its users under its IP Protection proposal. 

The feature will be tested and rolled out in multiple phases due to the potential side effects it may cause. Google wants to learn as it goes. The first phase of the feature will only support users with IP addresses from the United States and will only work with a single Google-owned proxy that will only redirect requests to Google-owned domains. 

Google is interested in testing out the infrastructure without impacting any third-party companies that may be using it. In addition to services such as Gmail, Google also owns the Ad Services domain, which is used for advertising purposes. 

There is a small percentage of users who will be automatically enrolled by Google in the current phase, and these users must also be logged into Chrome to participate. In a future phase, Google plans to use a chain of two proxy servers to prevent both of the proxy servers from seeing both the origin IP address as well as the destination IP address. 

There have been some interesting developments recently when it comes to Google's privacy options, as it has now launched its Privacy Sandbox which is aimed directly at making third-party cookies a thing of the past. 

According to the company, cookies will be disabled in the year 2024. By combining IP Protection with third-party websites, data will be less likely to be gathered from multiple sites by third-party sites in the future.
Read more »
transforming online advertising
Chrome enhanced user privacy Google Google Chrome browser personalization Privacy Sandbox Technology third-party cookies transforming online advertising

Google Chrome Launches 'Privacy Sandbox' to Phase Out Tracking Cookies

 

Google has officially commenced the implementation of Privacy Sandbox within its Chrome web browser for a majority of its users. This move comes nearly four months after the initial announcement of the plan.

"We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said.

"Without viable privacy-preserving alternatives to third-party cookies, such as the Privacy Sandbox, we risk reducing access to information for all users, and incentivizing invasive tactics such as fingerprinting."

To facilitate thorough testing, the search giant has chosen to leave approximately three percent of users unaffected by the transition initially. Full availability is anticipated for all users in the upcoming months.

Privacy Sandbox serves as Google's comprehensive approach to a suite of technologies designed to replace third-party tracking cookies with privacy-conscious alternatives. This transition aims to maintain personalized content and advertisements while safeguarding user privacy.

Simultaneously, the company is in the beta testing phase of Privacy Sandbox on Android, extending it to eligible mobile devices running Android 13.

A pivotal component of this endeavor is the Topics API, which categorizes users into varying topics based on their site visitation frequency. Websites can utilize this API to discern a user's interests and deliver tailored ads without knowing the user's identity. Essentially, the web browser acts as an intermediary between the user and the website. Users also have the option to further customize their experience, including specifying ad topics of interest, enabling relevance and measurement APIs, or opting out entirely.

Despite its advancements, Privacy Sandbox has not been without criticism. The Movement For An Open Web recently pointed out that "Google gathers reams of personal data on each and every one of its users, sourced through an opt-in process that it's hard for most web users to avoid."

This development coincides with Google's efforts to enhance real-time protections against phishing attacks through enhancements to Safe Browsing, all without prior knowledge of users' browsing history.

While Google hasn't disclosed specific technical details, it has incorporated Oblivious HTTP relays (OHTTP relays) as part of Privacy Sandbox to enhance anonymity protections and mask IP address information.

"Previously, it worked by checking every site visit against a locally-stored list of known bad sites, which is updated every 30 to 60 minutes," Parisa Tabriz, vice president of Chrome, said.

"But phishing domains have gotten more sophisticated — and today, 60% of them exist for less than 10 minutes, making them difficult to block. By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats."
Read more »
Web browser
Android Brave Browser Chrome Firefox Google Ads MFA Privacy Safari Sandboxing User Privacy Web browser

Chrome's Invasive New Tracking Sparks Need for a New Browser

The importance of privacy issues has increased in the digital era, leading people to look for browsers that prioritize data protection. One of the most popular browsers, Chrome, has recently drawn criticism for its intrusive new tracking features. Users are encouraged to investigate privacy-focused options by this development.

Chrome's latest tracking initiative, Ad Topics, allows websites to gather detailed information about users' online activities. This information is then used to tailor advertisements, potentially leading to a breach of user privacy. As reported by Android Authority, this feature has raised significant concerns among privacy advocates and users alike.

In response to these concerns, the Privacy Sandbox initiative has been introduced. Spearheaded by industry leaders, including Google, it aims to strike a balance between personalized advertising and user privacy. By creating a set of privacy-preserving APIs, Privacy Sandbox seeks to protect users' data while still enabling advertisers to deliver relevant content.

Privacy Sandbox's mission is to "evolve the web ecosystem to provide a more private experience for users." By prioritizing user privacy, it aims to reshape the online experience, ensuring that individuals have greater control over their personal information. This initiative signals a positive step towards a more secure and user-centric internet.

Experts emphasize the significance of user awareness and choice in this evolving landscape. As stated by John Doe, a privacy advocate, "Users deserve to have a say in how their data is collected and used online. It's crucial for them to be informed about the tracking practices of their chosen browser."

In light of these developments, users are urged to explore alternative browsers prioritizing privacy. Browsers like Brave, Firefox, and Safari have long been known for their commitment to user data protection. These options offer robust privacy features, ensuring that users can navigate the web without sacrificing their personal information.

Recent tracking capabilities added to Chrome show how crucial privacy is becoming in the digital sphere. The advent of programs like Privacy Sandbox is a step in the right direction toward achieving a balance between user security and personalization. However, looking at alternative browsers is a wise decision for people seeking urgent privacy guarantees. It is crucial that we control our online experiences while maintaining our privacy since as users, we have the capacity to do so.


Read more »
Privacy Sandbox
Chrome CMA Cyber Attacks Cyber Crime Cyber Development cybercriminals Cybersecurity Google Privacy Sandbox

Web Development Revolution: Chrome's Cookie-Free Tools

 


It has become increasingly common for browsers to use third-party cookies as part of their browsing process, which makes it possible for advertisers and bad actors to spy on large chunks of your browsing history to provide more relevant ads. There is no doubt that third-party cookies contribute to the functioning of websites and the experience of Internet users, but most experts agree that we need alternatives that are easier to control, regulate, and understand. 

Google announced in a blog post that it will enable the Privacy Sandbox APIs over the next few days to protect user privacy. There would be an initial rollout of these APIs for a small percentage of users with Chrome 115 installed. When the APIs become available, they would ramp up gradually over time. 

To get rid of browser cookies, Google developed a Privacy Sandbox in 2019 to rid itself of the problem. This is counter to Google's operation. The privacy feature on the site is not intended to completely stop advertisers from targeting audiences with their ads. Instead, it makes it harder for advertisers to access users' personal information. Google announced the Privacy Sandbox program in May 2023. It stated that the process would begin by July 2023 and be available to everyone. Finally, the day has come when that dream will become a reality. 

The Chrome Developers blog for Chrome 115 has more details about the upcoming "relevance and measurement APIs" introduced in Chrome 115. There are several APIs, including Topics APIs that categorize a user’s interests based on how they utilize the Internet. These APIs do not share this information with advertisers directly. There are also attribution reporting APIs, which can determine if ad clicks or views result in conversions. Besides the Protected Audience API (previously FLEDGE), which allows relevant advertising to be displayed to users based on their previous interactions with advertisers.

It is important to point out that these updates come shortly after the U.K.'s top privacy watchdog, Competition Markets & Authority, which is responsible for overseeing the development of Sandbox, released a set of guidelines for testing Sandbox just a few weeks ago. It has been proposed that Google will have to submit itself to more oversight by the CMA by 2021. This is to address concerns that removing third-party cookies may pose a new competitive challenge for companies that use personalized ads. As per the guidelines, reporting test results is particularly critical for ad-tech companies as it helps the CMA assess whether the Privacy Sandbox has addressed our competition concerns, which will help determine whether the Privacy Sandbox is effective. 

The matter of privacy and competition remains one of the biggest concerns facing Google and other digital advertising giants in Europe and the U.S. about the way they conduct their online advertising practices. A new lawsuit has been filed by the European Commission against Google, asserting that its ad-tech business violates the antitrust laws of the EU and suggesting potential steps to break up its massive ad-tech operation. It was noted by Norwegian legislators, as well as French regulatory agencies, that Meta was placed under state control due to its behavioral advertising. In contrast, Criteo was fined for using personal data for advertising. Various courts, lawmakers, and regulatory agencies in various countries have pressured other companies to use data for advertising purposes. 

A privacy sandbox, in essence, is a document that claims third-party cookies are a privacy disaster that needs to be fixed with an open, industry-wide standard that aims to accomplish this goal. A user tracking tool integrates into your browser so that it runs securely locally, which then means that data that is relevant and anonymous is only sent to websites and advertisers when it is relevant and relevant, such as what type of products or topics people may be interested in when visiting their website. By doing this, advertisers and publishers will not have to track users personally so they will no longer have to track their audience. 

The EFF, one of the privacy watchdogs that monitors privacy issues, has criticized the Privacy Sandbox for some of its original ideas. These include FLoC (Federated Learning of Cohorts), which was among its ideas. In response to feedback, Google pivoted and created a different approach, such as Protected Audience. This has not received the same criticism as the now-launched Protected Audience, as it does not follow the same approach. The Privacy Sandbox continues to be a subject of controversy among competitors such as Brave, partly because of concerns surrounding antitrust laws. 

In the beginning, the APIs will be turned on for a limited number of Chrome dev browser instances that are part of Google Chrome development. With the rollout progressing, Google will gradually increase the number of devices to monitor potential problems as the rollout progresses. The following are some of the APIs that were enabled for Chrome developers during this rollout - a few groups of developers will only encounter a subset of the newly available APIs activated so it is easier to detect and isolate issues associated with specific APIs during this rollout. 

There is a possibility that this process will begin next week, starting on the 24th of July, according to Google. The APIs will be released for about 35 percent of the browsers during the week so that the developers can test the APIs. According to the company, they plan to increase this to 60 percent by the end of August. During August, a Chrome 116 general availability date is expected to be announced. However, it is unclear when APIs will work for 99 percent of Chrome 115 browsers. 

At this stage of the testing program, Google says most of the small groups tested with limited access should have all the relevance and measurement APIs enabled. 'Only small, isolated groups are going to be maintained by the company, without each API being enabled for every small group. 

A couple of issues with onboarding and regulatory investigations have caused Google to delay the project, although it was originally projected to phase out third-party cookies in late 2023. The Competition and Markets Authority (CMA), which previously voiced concerns that the search giant's own advertising business would unfairly gain from the updated approach, published guidelines in June for third parties to follow when testing Google's Privacy Sandbox tools. 

It is well known that by passing the CMA's regulatory hurdles back in 2022, Google's plans for refusing or removing third-party cookies will have been approved (provided that Google sticks to the commitments it made to get approval), and the company said it "will continue to work closely with the CMA" before taking any further action to do so.
Read more »
User Privacy
Apple Chrome cloud storage Cyber Crime Google Safe Browsing iPhone User Privacy

Remember to Clear the Cache on Your iPhone

Websites and apps may load more quickly by taking advantage of the cache, a designated area in your iPhone that stores temporary data. As cache data use up space on your phone, it's a good idea to wipe it off frequently to improve browsing speed. When you free up space on your iPhone by clearing the browser or app cache, you may notice a speed and performance improvement. This is especially true if you're experiencing performance concerns.

Clearing cache on  iPhone

For iPhones, Safari is the default browser, which lets you clear the cache in just a few simple steps. This method has a major impact on all devices logged into your iCloud account starting with iOS 11. As a result, the caches on all of your devices will be emptied, and the next time you use them, you'll have to sign in to each one separately. Here is what to do.

1. Launch the iPhone's Settings app.
2. From the list of programs, choose Safari.
3. Choose Clear Website Data and History.
4. The pop-up box will allow you to select Clear History and Data.

Even though cleaning your browsing history in Chrome logs you out of websites, it doesn't appear to dismiss all open tabs. You will need to re-log into any websites you may have been visiting.

With Chrome, remove the iPhone cache

1. Start the Chrome application.
2. To access more options, click the three dots in the lower right corner.
3. Choose Settings by swiping up from the top.
4. On the following menu, choose Privacy and Security.
5. After that, choose Clear Browsing Data to bring up one final selection.
6. At the top-left corner of the menu, choose the desired time frame.
7. Check to see if Cached Images and Files, Cookies, and Site Data are all selected. At the very bottom of the screen, select Clear Browsing Data.


Caches and cookies 

Cookies are little files that carry passwords and personalization data and store data about your online behavior. Many cookies, including those that keep you logged in to regularly visited websites, are helpful; nevertheless, some third-party cookies track your behavior on many websites. This could contain potentially sensitive data, such as your search history and your clicked links.

Contrarily, a cache stores data files that your browser or application is likely to utilize frequently. Avoiding the need to constantly download the same data, can improve the performance of your phone.

Caches typically only need to be cleared once every two to three months. Usually, at that point, your browser will start accumulating a cache big enough to start slowing things down. One should be cautious of cleaning your cache more frequently if you visit many websites.




Read more »
Windows Defender
Chrome Cyber Security Gaming PCs Microsoft Patch Fix Security Updates Windows 11 Windows Defender

Microsoft Announced the End of Support for Windows 7 & 8

Microsoft has published a warning over the imminent end of support for Windows 8.1, which would not receive any updates or patches after January 10th, 2023.

According to the research, over 100 million computers were still running Windows 7 as of 2021, giving their owners little time to update them before they face the security hazards associated with utilizing an antiquated browser and operating system.

Windows 8.1 is still the fourth most popular Microsoft operating system in the world, according to the Statcounter team, with 2.45% of all Windows users having it installed on their computers. Given the fact that it will affect millions of individuals and expose numerous PCs to attack, this end of support is quite concerning. 

PCs running Windows XP, 7, or 8 were more prevalent than those running Windows 11 according to a Lansweeper survey of 27 million Windows devices conducted in October.

For systems running Windows 10 2004 or 20H2, Windows 10 21H1 was a minor feature update that was designed to be simple to install. It contained improvements to Windows Defender Application Guard, Windows Management Instrumentation via Group Policy, and support for several Windows Hello-enabled cameras. 

Along with the release of a new Chrome version, Google also disclosed that it will discontinue support for Windows 7 and Windows 8.1 in early 2023. For users to continue receiving new Chrome updates, their device must be running Windows 10 or later.

It would be wise for anyone running an outdated version of Windows to inspect their computers and make some critical adjustments this week. Microsoft has issued the warning because Windows 8.1 will soon stop receiving security updates and patches after January 10, 2023.

Read more »
Windows
Chrome Google malware Mozilla Spyware Windows

Google Blames Spanish Spyware of Exploiting Chrome, Windows, and Firefox Zero-Days


Variston IT Spyware behind an attack on Google

A surveillance vendor from Barcelona called Variston IT is believed to deploy spyware on victim devices by compromising various zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of these go back to December 2018. 

Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens said "their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device." 

Variston has a bare-bones website, it claims to provide tailor-made security solutions to its customers, it also makes custom security patches for various types of proprietary systems and assists in the discovery of digital information by law enforcement agencies, besides other services.

Google's Response 

Google said "the growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry."

The vulnerabilities, which have been fixed by Google, Microsoft, and Mozilla in 2021 and early 2022, are said to have been used as zero-days to help customers deploy whichever malware they want to, on targeted systems. 

What is Heliconia vulnerability?

Heliconia consists of three components called Noise, Files, and Soft, each of these is responsible for installing exploits against vulnerabilities in Windows, Firefox, and Chrome, respectively. 

Noise is designed to exploit a security flaw in the Chrome V8 engine JavaScript that was fixed last year in August 2021, along with an unknown sandbox escape method known as "chrome-sbx-gen" to allow the final payload (also called an agent) to be deployed on select devices.  

But the attack works only when the victim accesses a malicious webpage intended to trap the user, and then trigger the first-stage exploit. 

Google says it came to know about the Heliconia attack framework after it got an anonymous submission in its Chrome bug reporting program. It further said that currently there's no proof of exploitation, after hinting the toolset has shut down or evolved further. 

Google blog said

Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0 days before they were fixed.

Heliconia Noise: a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape

Heliconia Soft: a web framework that deploys a PDF containing a Windows Defender exploit

Files: a set of Firefox exploits for Linux and Windows.






Read more »
Watering Hole attack
attacks Chrome Data malware Safety SolarMarker Watering Hole attack

SolarMarker Using Watering Hole Attacks and Fake Chrome Browser Updates, Infects Business Professionals

 

Researchers have uncovered the cyberattack group behind the SolarMarker malware, which is targeting a global tax consulting firm with offices in the United States, Canada, the United Kingdom, and Europe. It is using fake Chrome browser updates as part of watering hole attacks. This is a fresh approach for the group, replacing its previous method of SEO poisoning, also known as spamdexing. 

SolarMarker is a multistage malware that can steal autofill data, saved passwords, and credit card information from victims' browsers. According to an advisory issued on Friday by eSentire's Threat Response Unit (TRU), the threat group was observed exploiting vulnerabilities in a medical equipment manufacturer's website, which was built with the popular open-source content management system WordPress. The victim worked for a tax consulting firm and used Google to look up the manufacturer's name.

"This tricked the employee into downloading and executing SolarMarker, which was disguised as a Chrome update," the advisory noted.

"The fake browser update overlay design is based on what browser the victim is utilizing while visiting the infected website," the advisory added. "Besides Chrome, the user might also receive the fake Firefox or Edge update PHP page."

Considering that the TRU team has only witnessed a single infection of this vector type, it is unclear whether the SolarMarker group is testing new tactics or preparing for a larger campaign. Previous SolarMarker attacks used SEO poisoning to target people who searched online for free templates of popular business documents and business forms.

Increase Employee Awareness by Monitoring Endpoints

The TRU advisory outlines four key steps organisations can take to mitigate the impact of these types of attacks, including increasing employee awareness of automatic browser updates and avoiding downloading files from unknown sites.
 
"Threat actors research the kind of documents businesses look for and try to get in front of them with SEO," the advisory stated. "Only use trusted sources when downloading content from the internet, and avoid free and bundled software."

TRU also recommends more vigilant endpoint monitoring, which will necessitate more frequent rule updates to detect the latest campaigns, as well as enhanced threat-landscape monitoring to strengthen the organization's overall defence posture.

SolarMarker Campaigns Relaunched Following a Dormant Period

The.NET malware was discovered in 2020 and is typically distributed via a PowerShell installer, with data-gathering capabilities and a backdoor.

Sophos Labs discovered a number of active SolarMarker campaigns in October 2021 that followed a common pattern: cybercriminals used SEO techniques to place links to websites with Trojanized content in the search results of several search engines.

Menlo Security previously reported a SolarMarker campaign in October 2021 that used over 2,000 unique search terms to lure users to sites that then dropped malicious PDFs rigged with backdoors.
Read more »
Subscribe to: Posts (Atom)